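<?php
/**
 * Login handler.
 *
 * Reads the posted credentials, looks the user up in the `staff` table,
 * and on success stores the user's identity in the session (optionally
 * also in a long-lived cookie) before redirecting to portalMain.php.
 * On failure it redirects to portalMain.php?auth=false.
 *
 * NOTE(review): the query compares the submitted password directly with the
 * `password` column, so passwords appear to be stored unhashed. Moving to
 * password_hash()/password_verify() needs a schema and data migration that
 * is outside this file.
 * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. Prepared
 * statements via mysqli or PDO are the proper fix for the query below, but
 * the connection is created in ./database/connect.php, not here.
 */

// Quoted: the bare word relied on PHP's undefined-constant fallback, which
// yields the same string on old PHP but is an error on PHP 8.
session_name('DicomScience');
session_start();

// Untrusted request data. Missing or non-string values (e.g. an array sent
// as loginUsername[]) are normalised to '' so they can never match a row.
$login_username = (isset($_POST['loginUsername']) && is_string($_POST['loginUsername']))
	? $_POST['loginUsername']
	: '';
$login_password = (isset($_POST['loginPassword']) && is_string($_POST['loginPassword']))
	? $_POST['loginPassword']
	: '';
$set_cookie = isset($_POST['setCookie']) ? $_POST['setCookie'] : ''; // 'true' if checked

require('gset.php');
require('./database/connect.php');

// Escape both values before placing them in the SQL string; the original
// interpolated raw POST data, which allowed SQL injection. Escaping must
// happen while the connection opened by connect.php is still available.
// NOTE(review): escaping is only reliable when the connection character set
// was set with mysql_set_charset() - confirm in connect.php.
$sql_checkuser = "SELECT id_staff, username, password, lastname, firstname, userlevel FROM staff WHERE username='"
	. mysql_real_escape_string($login_username)
	. "' AND password='"
	. mysql_real_escape_string($login_password)
	. "'";
$checkuser = mysql_query($sql_checkuser);
require('./database/closedb.php');

// Keep the last matching row, as the original loop did. $user stays null
// when the query failed or returned nothing.
$user = null;
if ($checkuser !== false) {
	while ($row = mysql_fetch_object($checkuser)) {
		$user = $row;
	}
}

// Require an actual row AND an exact, strict match. The original used loose
// comparison against variables that were undefined when no row was found,
// so an empty username plus empty password compared equal to null and
// passed the check.
if ($user === null
	|| (string) $user->username !== $login_username
	|| (string) $user->password !== $login_password
) {
	// user not registered or credentials incorrect
	header("Location: portalMain.php?auth=false");
	exit();
}

$id_user = $user->id_staff;
$username = $user->username;
$lastname = $user->lastname;
$firstname = $user->firstname;
$userlevel = $user->userlevel;

// Issue a fresh session id on login so an id known before authentication
// (session fixation) does not carry over into the authenticated session.
session_regenerate_id(true);

if ($set_cookie === 'true') {
	// Set the "remember me" cookie (about 360 days).
	// NOTE(review): the cookie carries id and user level in clear text with
	// no signature and no HttpOnly/Secure flags. If any page trusts these
	// values to restore a login, a client can forge them - verify the
	// consumer and prefer a random server-side token.
	$cookieData = array($id_user, $userlevel, $firstname, $lastname, $username);
	$content = implode("&", $cookieData);
	setcookie("DicomScienceCookie", $content, time() + 31104000, "/");
}

// Session state is identical whether or not the cookie was requested.
$_SESSION['userid'] = $id_user;
$_SESSION['userlevel'] = $userlevel;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['username'] = $username;

header("Location: portalMain.php");
exit();

?>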